GNOME Bugzilla – Bug 743930
Poppler JPXStream.cc JPXStream::fillReadBuf() received SIGSEGV Memory Corruption Vulnerability
Last modified: 2015-02-05 11:45:36 UTC
d 0xb5fffb40 (LWP 20749) exited]
[New Thread 0xb5fffb40 (LWP 20750)]
[New Thread 0xb57feb40 (LWP 20755)]
Error: PDF file is damaged - attempting to reconstruct xref table...

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb57feb40 (LWP 20755)]
[----------------------------------registers-----------------------------------]
EAX: 0x21d9ead
EBX: 0xb3ac5ff4 --> 0x1b0ba4
ECX: 0x0
EDX: 0x0
ESI: 0xb357a778 --> 0xb3ac32c8 --> 0xb3974390 (<_ZN9JPXStreamD2Ev>: sub esp,0x1c)
EDI: 0x215bf35c
EBP: 0x0
ESP: 0xb57fd85c --> 0x0
EIP: 0xb397457a (<_ZN9JPXStream11fillReadBufEv+186>: add ecx,DWORD PTR [edi+0x30])
EFLAGS: 0x210207 (CARRY PARITY adjust zero sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0xb397456c <_ZN9JPXStream11fillReadBufEv+172>: add edi,DWORD PTR [esi+0xb4]
   0xb3974572 <_ZN9JPXStream11fillReadBufEv+178>: mov DWORD PTR [esp+0xc],edx
   0xb3974576 <_ZN9JPXStream11fillReadBufEv+182>: mov edx,DWORD PTR [esp+0x8]
=> 0xb397457a <_ZN9JPXStream11fillReadBufEv+186>: add ecx,DWORD PTR [edi+0x30]
   0xb397457d <_ZN9JPXStream11fillReadBufEv+189>: mov ebp,DWORD PTR [ecx+0xc]
   0xb3974580 <_ZN9JPXStream11fillReadBufEv+192>: lea eax,[ebp+edx*1-0x1]
   0xb3974584 <_ZN9JPXStream11fillReadBufEv+196>: xor edx,edx
   0xb3974586 <_ZN9JPXStream11fillReadBufEv+198>: div ebp
[------------------------------------stack-------------------------------------]
0000| 0xb57fd85c --> 0x0
0004| 0xb57fd860 --> 0x0
0008| 0xb57fd864 --> 0x0
0012| 0xb57fd868 --> 0x1b
0016| 0xb57fd86c --> 0x9d
0020| 0xb57fd870 --> 0xb357a778 --> 0xb3ac32c8 --> 0xb3974390 (<_ZN9JPXStreamD2Ev>: sub esp,0x1c)
0024| 0xb57fd874 --> 0x0
0028| 0xb57fd878 --> 0xb357a778 --> 0xb3ac32c8 --> 0xb3974390 (<_ZN9JPXStreamD2Ev>: sub esp,0x1c)
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0xb397457a in JPXStream::fillReadBuf() () from /usr/lib/i386-linux-gnu/libpoppler.so.19
gdb-peda$
Any testcase available?
I'm sorry, I forgot to add the testcase. You can find it here.
Created attachment 296173 Crasher
Thanks for reporting in poppler's bugzilla and adding the reference here. Closing this one as NOTGNOME.